APT / THREAT GROUP

FDMTP

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

FDMTP is a newly discovered hacking tool written in .NET and used by Earth Preta. It functions as a simple malware downloader and is built on the TouchSocket framework, communicating over the Duplex Message Transport Protocol (DMTP). In one campaign, threat actors embedded FDMTP in the data section of a DLL so that it could be launched through DLL side-loading. The embedded network configuration is Base64-encoded and DES-encrypted to protect it and evade detection. FDMTP has been observed serving as a secondary control tool, often deployed by the PUBLOAD backdoor.

Threat Analysis

This profile catalogues FDMTP under the APT / threat group type. Its national origin is undetermined and its primary motivation is unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

win.fdmtp, FDMTP

External Intelligence

Malpedia: win.fdmtp

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.